by Brian Kirk
After news of the massive cyberattack and rumored $10 million ransom on the global powerhouse, Garmin, it’s only natural to wonder what went wrong. Did Garmin have a backup? It seems naive to think that they didn’t. Garmin has an estimated 15,000 employees, which surely includes a robustly talented IT team. With that level of team maturity, it is most likely Garmin had a tried and true backup methodology in place at the time of the attack.
Our Elliott Davis Cybersecurity team regularly performs security assessments for organizations of various sizes, and nearly all of them are already performing backups. With the proliferation of cheap disks and the ability to extend data centers to colocation centers, it is common to see an organization’s backup strategy consist of replication to near-line storage at an off-site location. While this will protect data from a physical disaster, it will not help in a ransomware scenario, especially if replication servers are part of the directory structure. Compliance with the Center for Internet Security Top 20 requires an organization to have backups to a non-continuously addressable destination (that’s fancy language for offline, most likely cloud or tape).
What about your organization? Are backups in place that cannot be accessed by attackers on your local or wide area network? One thing consistently present in assessments is that organizations greatly underestimate the sophistication of threat actors. In simple terms, you should assume hackers know it all: networking, operating system calls, application development, backup systems, replication technologies, virtualization, databases, switching, etc. The more advanced ransomware groups have someone on their team who knows the nuances of all those areas and many more.
Another common misperception is the belief that ransomware attacks primarily happen to large companies. Don’t let the size of Garmin fool you into believing your company is safe. Most ransomware attacks are against small and medium-sized organizations. Attacks are highly automated, so the hackers don’t often know the size of the business until it’s time to set a ransom amount.
Business and IT group leaders are encouraged to look hard at the present backup methodology and ensure a copy of business-critical data is housed in an area that cannot be accessed remotely. Executives should ask tough questions of their IT teams and determine a confidence level on recovery if an attacker gains access to the local network and takes everything offline.
It appears Garmin did not have the answers to these questions. Learn from their mistake.